838548d82e9826e58a9c3ccca3774062988ef21a071c2cdbf90ef26cd24da03b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

838548d82e9826e58a9c3ccca3774062988ef21a071c2cdbf90ef26cd24da03bN
Size

162KB
Sample

240921-eq7b6svalg
MD5

14e4295a91a321d9223496849092b4e0
SHA1

a3092aa6c9f7891b9b3c4915c2e2fd7e3a216ac7
SHA256

838548d82e9826e58a9c3ccca3774062988ef21a071c2cdbf90ef26cd24da03b
SHA512

9e8ce87bd501ccba543eded068f41d07c5fc4aeb8b8b0443854609450cab2409d498ef70357eb6122c8722f0e19205a7dc9db0cfe981519d151d4d482d250849
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR73e+eGGxe7WpMaxeb0CYJ97lEYNR73e+eGGy:RqKvb0CYJ973e+eGGUqKvb0CYJ973e+l

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  838548d82e9826e58a9c3ccca3774062988ef21a071c2cdbf90ef26cd24da03bN
- Size
  
  162KB
- MD5
  
  14e4295a91a321d9223496849092b4e0
- SHA1
  
  a3092aa6c9f7891b9b3c4915c2e2fd7e3a216ac7
- SHA256
  
  838548d82e9826e58a9c3ccca3774062988ef21a071c2cdbf90ef26cd24da03b
- SHA512
  
  9e8ce87bd501ccba543eded068f41d07c5fc4aeb8b8b0443854609450cab2409d498ef70357eb6122c8722f0e19205a7dc9db0cfe981519d151d4d482d250849
- SSDEEP
  
  3072:6e7WpMaxeb0CYJ97lEYNR73e+eGGxe7WpMaxeb0CYJ97lEYNR73e+eGGy:RqKvb0CYJ973e+eGGUqKvb0CYJ973e+l
Score

9^/10

discovery ransomware
- Renames multiple (700) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryransomware

behavioral2

discoveryransomware